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EXPRESS MAIL NO. EV529825762US 

Redlined Substitute Specification 
890050.523USPC 

SPEC I F I CATION 
A LOG-IN METHOD FOR A CLIENT SERVER SYSTEM, 
A COMPUTER PROGRAM AND A RECORDING MEDIUM 

BACKGROUND OF THE INVENTION 

5 Field of the Invention 

The present invention relates to a log-in method for a client server 
system and particularly, to a log-in method for a client server system which 
enables a client computer to log in to a server accessible via either the Internet or 
a LAN with high security and operability, a computer program for executing the log- 
10 in method and a recording medium in which the computer program is stored. 

Description of the Prior-Related Art 

Recently, the teaching of lessons using personal computers and 
education for enhancing information literacy are being actively conducted as part 
"of graderschool teaching—A number_of personaLcomputers each connected to a 
15 LAN and the Internet are installed in a grade school and a system environment 
easy for elementary school students to use is set up. In a grade school, the 
students operate personal computers to send emails to teachers or other students, 
browse a bulletin board or a class newspaper, or post their own homepages on a 
network. 

20 It is possible to browse the bulletin board or the like and post 

homepages on the network by accessing a server connected to a LAN installed at 
the grade school. The server normally requires the user to input a log-in name and 
a password when the LAN is logged in to from a personal computer and allows him 
or her to access the server when they are correct, so that only the teachers, grade 

25 school students or related persons can access the server and unspecified users 
cannot access it. 
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In order to log in to the LAN from the client computer, a log-in name 
and password are ordinarily entered in text boxes, namely, the direct input method 
is employed. 

However, this method is often inconvenient for a child in the lower 
5 grades of elementary school when logging in to a server from a personal computer 
connected to a LAN in a school. Specifically, since such a child is not familiar with 
the operation of a keyboard and often does not know the letters of the alphabet, it 
is difficult for him or her to directly input a log-in name or a password in a text box. 

Therefore, there is sometimes employed a method (a selection 
10 method) which requires a user to directly input only a password between a log-in 
name and a password and to select a log-in name from those displayed on a 
screen. According to this method, since a log-in name can be specified only by 
operating a mouse without operating a keyboard, it is possible to simplify the log-in 
operation. 

15 However, in the case of logging in to the server via the Internet, 

persons other than grade school students can freely access the server, so that it is 
necessary to-be more careful-abouU^ operation than in the 

case of logging in to the server via a LAN. Therefore, in such a case, it is not 
preferable from the viewpoint of security to display a list including log-in names of 

20 other persons so that log-in names of other persons can be easily known. 

BRIEF SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to provide a log-in 
method for a client server system which enables a client computer to log in to a 
server accessible via the Internet or a LAN with high security and operability, a 
25 computer program for performing the log-in method and a recording medium in 
which the computer program is stored. 

The above object of the present invention can be accomplished 
by a log-in method for a client server system constituted so as to display a 
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predetermined log-in screen on a client computer, the server being 
constituted so as to obtain identification data of the client computer in 
response to a connection request from the client computer, judge based on 
the identification data of the client computer a network to which the client 
5 computer is connected, display a first log-in screen on the client computer 
when it judges that the network to which the client computer is connected is 
a first network, and display a second log-in screen on the client computer 
when it judges that the network to which the client computer is connected is 
a second network. 

10 According to the present invention, since the server judges what 

network the client computer which wishes to log in is connected and 
displays a log-in screen on the client computer depending upon the result of 
the judgment, the level of difficulty of the log-in operation of the client 
computer can be determined depending upon the client computer and it is 

15 therefore possible to provide a log-in method for a client server system 
which enables a client computer to log in to a server accessible via the 

Internet or a LAN with high security-andjjperability. 

For example, in a client server system including a server 
connected to a LAN installed in a grade school and to the Internet, in the 

20 case where a child in the lower grades of elementary school logs in the 
server from a client computer connected to the installed LAN, considering 
that the child is not familiar with the operation of a keyboard and does not 
understand letters of the alphabet, it is very advantageous for the child to 
provide a convenient system to enable him or her to more simply log in the 

25 server than in the case of logging in to the server via the Internet. On the 
other hand, in the case of logging in to the server via the Internet, since 
persons other than the grade school students can freely access the server, it 
is very advantageous for improving the security level to require the user to 
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perform a more difficult log-in operation than in the case of logging in to the 
server via the LAN. 

In a preferred aspect of the present invention, the second log-in 
screen is constituted so that it can be used more easily than the first log-in screen. 
5 According to this preferred aspect of the present invention, 

since the level of difficulty of the log-in operation is determined depending 
upon the level that it is necessary to restrict access from the network to the 
server, it is possible to provide a log-in method which enables a client 
computer to log in to a server with high security and operability. 

10 In a further preferred aspect of the present invention, the first 

log-in screen is adapted to be directly input with both a log-in name and a 
password of a user and the second log-in screen is constituted so as to 
require a user to select a log-in name of the user and directly input a 
password of the user. 

15 According to this preferred aspect of the present invention, 

since a method which requires a user to directly input both the log-in name 
andthe password of-the-user_is_empJoyedjnJhe_first log-in screen and a 
method which requires the user to directly input only the password of the 
user but to select the log-in name of the user is employed in the second log- 

20 in screen, it is possible to provide a log-in method depending upon the level 
of the security of a network. 

In a further preferred aspect of the present invention, the first 
log-in screen is adapted to be directly input with both a log-in name and a 
password of a user and the second log-in screen is constituted so as to 

25 require a user to select a log-in name of the user in accordance with an 
auto-complete format and to directly input a password of the user. 

According to this preferred aspect of the present invention, 
since a method which requires a user to directly input both a log-in name 
and a password of the user is employed in the first log-in screen and a 
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method which requires the user to directly input only the password of the 
user but to select a log-in name of the user in accordance with an auto- 
complete format is employed in the second log-in screen, it is possible to 
provide a log-in method depending upon the level of the security of a 
5 network. 

In a preferred aspect of the present invention, the level of access 
restriction to the second log-in screen from a network is determined to be higher 
than that to the first log-in screen. 

According to this preferred aspect of the present invention, since the 

1 0 level of difficulty of the log-in operation is determined depending upon the level that 
it is necessary to restrict access from the network to which the client computer is 
connected, it is possible to provide a log-in method which enables a client 
computer to log in to a server with high security and operability. 

In a further preferred aspect of the present invention, the server is 

1 5 constituted so as to refer to a list in which at least the identification data of the 
client computer connected to the second network is registered when it judges a 
network the client-eomputer-isxonnected to based on the identification data. 

According to this preferred aspect of the present invention, since the 
relationship between the identification data and the network is registered in a list 

20 and the network the client computer is connected to is judged by referring to the 
relationship between the identification data and the network registered in the list, it 
is possible to easily and reliably judge the network the client computer is 
connected to. Further, it is possible for an administrator of a machine or a network 
to set and change the level of access restriction of each of the client computers on 

25 the list. 

In a preferred aspect of the present invention, the first network is 
constituted as the Internet and the second network is constituted as a local area 

network. 
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According to this preferred aspect of the present invention, since 
whether the client computer which wishes to log in to is connected to the Internet 
or a local area network is judged and the level of difficulty of the log-in operation is 
determined based on the result of the judgment, it is possible to provide a log-in 
5 method in which security and operability can be simultaneously improved. 

In a further preferred aspect of the present invention, the 
identification data are constituted as an IP address and the server is constituted so 
as to refer to an address list in which at least IP addresses of client computers 
connected to the local area network are registered, judge that when the IP address 
10 is registered in the address list, a client computer having the IP address is 
connected to the local area network and judge that when the IP address is not 
registered in the address list, a client computer having the IP address is connected 
to the Internet. 

According to this preferred aspect of the present invention, 
15 since whether the client computer which wishes to log in is connected to the 
server via the Internet or the local area network is judged by referring to the 
~addressHistrit-is-possible4oj/ery_eajs^yjudge what network the client 
computer is connected to without any additional identification data. Further, 
it is possible for an administrator of a machine or a network to set and 
20 change the level of access restriction of each of the client computers on the 
list. 

In a further preferred aspect of the present invention, the 
identification data are constituted as an IP address and the server is 
constituted so as to judge that when the IP address is a global IP address, a 
25 client computer having the IP address is connected to the Internet and judge 
that when the IP address is a local IP address, a client computer having the 
IP address is connected to the local area network. 

According to this preferred aspect of the present invention, 
since whether the client computer which wishes to log in to is connected io 
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the server via the Internet or the local area network is judged based on the 
IP address of the client computer, it is possible to judge what network the 
client computer is connected to based only on the format of the IP address 
and therefore, it is possible to very easily judge what network the client 
5 computer is connected to without any additional identification data. 

The above object of the present invention can be also 
accomplished by a computer-readable recording medium in which is 
recorded a computer program for enabling a server in a client server system 
constituted so as to display a predetermined log-in screen on a client 

10 computer to execute at least a step of obtaining identification data of the 
client computer in response to a connection request from the client 
computer, a step of judging based on the identification data of the client 
computer a network to which the client computer is connected, a step of 
displaying a first log-in screen on the client computer when it is judged that 

1 5 the network to which the client computer is connected is a first network, and 
a step of displaying a second log-in screen on the client computer when it is 
~judged-that-the-network-to-whichJbejcJL^ is a 

second network. 

According to the present invention, it is possible to achieve a 

20 log-in method in which security and operability can be simultaneously 
improved by installing the computer program in the server. 

The above object of the present invention can be also accomplished 
by a computer-readable recording medium in which is recorded a computer 
program for enabling a server in a client server system constituted so as to display 

25 a predetermined log-in screen on a client computer to execute at least a step of 
obtaining identification data of the client computer in response to a connection 
request from the client computer, a step of judging based on the identification data 
of the client computer a network to which the client computer is connected, a step 
of displaying a first log-in screen on the client computer when it is judged that the 
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network to which the client computer is connected is a first network, and a step of 
displaying a second log-in screen on the client computer when it is judged that the 
network to which the client computer is connected is a second network. 

According to the present invention, it is possible to achieve a log-in 
5 method in which security and operability can be simultaneously improved by 
setting the above defined recording medium in the server of the client server 
system and installing the computer program in the server. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a schematic view showing a client server system to which 
10 a log-in method which is a preferred aspect of the present invention is applied. 

Figure 2 is a block diagram showing a hardware configuration of a 

server 101. 

Figure 3 is a view showing a software configuration of a server 101. 

Figure 4 is a view showing one example of a first log-in screen 
15 displayed on a client computer 102c when the client computer 102c accesses a 
server 101: 

Figure 5 is a view showing one example of a second log-in screen 
displayed on a client computer 102a or a client computer 102b when it accesses a 
server 101. 

20 Figure 6 is a flowchart showing steps of the operation of a server 1 01 

when the server 101 is logged in to. 

Figure 7 is a view showing another preferred embodiment of the 
second log-in screen shown in Figure 5. 

Figure 8 is a view showing another preferred embodiment of the 
25 second log-in screen shown in Figure 5. 

Figure 9 is a view showing a further preferred embodiment of the 
second log-in screen shown in Figure 5. 
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DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Hereinafter, preferred embodiments of the present invention will be 
described in detail with reference to accompanying drawings. 

Figure 1 is a schematic view showing a client server system to which 
5 a log-in method which is a preferred aspect of the present invention is applied. 

As shown in Figure 1, the system has a configuration in which a web 
server 101 and client computers 102a and 102b are connected to a LAN 103. 
Further, an Internet connection device 104 such as a broad band router is 
connected to the LAN 103 so that the LAN 103 is connected to the Internet 105 via 
10 the broad band router 104 and the client computer 102c is connected to the LAN 
103 via the Internet 105. Here, although it is necessary to interpose a modem 
between the broad band router 104 and the Internet 105 in accordance with how 
the client server system is connected to the Internet 105, such a modem is omitted 
in Figure! 

15 The server 101 is constituted so as to provide various services to be 

supplied from a web server, an FTP server, a POP server and the like. It is 
"prefefabte for theserver-1 0-1-to-beconstituted as a com puter having relatively 
higher processing capacity than that of each of the client computers. In the case 
where much higher processing capacity is required for the server 101 , it is 

20 preferable for the server 1 01 to be constituted as a work station. 

Figure 2 is a block diagram showing a hardware configuration of the 

server 101. 

As shown in Figure 2, the server 101 includes a CPU 201, a memory 
202, a hard drive disk (HDD) 203, a removable disk drive 204 which can reproduce 
25 data from and record data in recording media such as a flexible disk, a CD-ROM, a 
CD-R, a DVD-ROM or the like, an input and output interface 205 and a LAN 
adapter 206, which are connected via a bus 207. The server 101 is connected via 
the input and output interface 205 to a display, a keyboard and the like and is 
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connected via the LAN adapter 206 to the LAN 103. The configuration of the 
server 101 is substantially the same as that of an ordinary computer. 

Figure 3 is a view showing a software configuration of the 

server 1 01 . 

5 As shown in Figure 3, the server 101 includes a device driver 

301, an operating system (OS) 302 and application software 303. The 
application software 303 includes a log-in control program 304 for 
performing a log-in method according to this embodiment as one function of 
server software. These programs are installed on the hard disk drive 203, 

10 read from the hard disk drive 203 when the computer is started or when an 
executable file is launched, thereby being loaded in a memory and 
sequentially executed by the computer. 

These programs may be supplied in the form of a recording 
medium such as a CD-ROM storing them, for example. In such a case, the 

15 software is installed in the client computers 102a to 102c by setting the 
recording medium in the removable disk drive 204 and storing it on the hard 
disk drive-203— Instead.-the-softwarejTiay be downloaded via the Internet 
105. In such a case, the software is installed in the client computers 102a to 
102c by being downloaded via the network adapter 206 and being stored on 

20 the hard disk drive 203. 

The server 101 further includes in addition to the above 
mentioned programs a log-in data table 305 which contains the log-in name 
and password of each user and log-in screen data 306 used to display a log- 
in screen on the displays of the client computers 102a to 102c when the 

25 client computers 1 02a to 1 02c are connected to the server 1 01 . 

As each of the client computers 102a to 102c shown in Figure 
1, various terminal devices, a desktop personal computer, a laptop personal 
computer, a PDA, a cellular telephone or the like can be used. The 
configuration of each of the client computers 102a to 102c is substantially 
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the same as that of an ordinary computer and therefore, is substantially the 
same as that of the server 101 shown in Figure 2. The application software 
of each of the client computers includes a web browser. 

When one of the client computers 102a to 102c accesses the server 
5 101, the server 101 first transmits log-in screen data to the client computer, 
whereby a log-in screen is displayed on the display thereof. 

Figure 4 is a view showing one example of a first log-in screen 
displayed on the client computer 102c when the client computer 102c accesses 
the server 101. 

10 As shown in Figure 4, a first log-in screen 401 for accessing the 

server 101 via the Internet is displayed on the display of the client computer 102c 
and the first log-in screen 401 is constituted so that a log-in name and password of 
the user are to be entered in a text box 402 and a text box 403 thereof, 
respectively. The user puts a pointer on the text box 402 to which a log-in name is 

15 to be input, thereby putting the first log-in screen in text input mode, and enters a 
log-in name therein. A password is entered similarly. Thereafter, when an "OK" 
button-404-is elieked r data-regardingJheJog^n^e^nd the password are 
transmitted to the server 101. 

Figure 5 is a view showing one example of a second log-in screen 

20 displayed on the client computer 102a or the client computer 102b when it 
accesses the server 101. 

As shown in Figure 5, a second log-in screen 501 for accessing the 
server 101 via the LAN, which can be more easily operated than the first log-in 
screen, is displayed on the display of the client computer 102a or the client 

25 computer 102b. The second log-in screen 501 is so constituted that a log-in name 
is selected from a list 502 and a password is directly input to a text box 503. 
Specifically, when a log-in name is to be entered, the user selects a log-in name 
from the list 502 and puts a pointer on and clicks the thus selected log-in name. 
On the other hand, when a password is to be entered, the user puts the pointer on 
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the text box 503 into which the password is to be entered, thereby putting the 
second log-in screen 501 in the text input mode, and directly enters the password 
therein. Thereafter, when the "OK" button 504 is clicked, data regarding the log-in 
name and the password are transmitted to the server 101 . 
5 In order to judge whether the client computer which wishes to log-in 

is connected to the LAN or the Internet, an IP address is referred to as 
identification data. 

Figure 6 is a flowchart showing steps of the operation of the server 
101 when the server 101 logs in. 
10 As shown in Figure 6, when the server 101 receives a connection 

request from one of the client computers, the server 101 first obtains data 
regarding an IP address contained in a packet transmitted from the client computer 
(S601). 

The server 101 then compares the thus obtained IP address with an 
15 address list stored therein (S602). Here, local IP addresses of the client 

computers connected to the LAN are recorded in the address list. Therefore, the 
server-1 01-can judge-by-ComparingjHieJPjadd^ess with the address list whether 
the IP address is a local IP address or a global IP address. 

In the case where the server 101 judges that the IP address is a 
20 global IP address (S603N), the server 101 transmits screen data to the 
client computer so as to cause the client computer to display a log-in screen 
(the first log-in screen) shown in Figure 4 so constituted that both a log-in 
name and a password are to be directly entered (S604). 

On the other hand, in the case where the server 1 01 judges that 
25 the IP address is a local IP address (S603Y), the server 101 transmits 
screen data to the client computer so as to cause the client computer to 
display a log-in screen (the second log-in screen) shown in Figure 5 so 
constituted that a log-in name is to be selected from a list displayed therein 
and only a password is to be directly entered (S605). 
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In this embodiment, since what network the client computer 
which wishes to log in is connected is judged and the level of difficulty of the 
log-in operation of the client computer can be determined based on the 
result of the judgment, it is possible to provide a log-in method in which the 
5 security and operability can be simultaneously improved. 

Figures 7 and 8 are views showing another embodiment of the 
second log-in screen shown in Figure 5. 

As shown in Figures 7 and 8, in this embodiment, only a list of 
log-in names is displayed and when a log-in name has been selected, a 
10 screen constituted so that a password is to be directly entered therein is 
displayed. 

As shown in Figure 7, when a connection request is made, a 
log-in screen 701 including only a list 502 and no text box for password input 
is displayed. When the log-in name of the user has been selected from the 

15 list 502, then, as shown in Figure 8, a screen 801 including the log-in name 
802 and a text box 803 for password input is displayed. When the password 
of the user-has-been-entered-and_an "OK" button 804 is clicked, data 
regarding the log-in name and the password are transmitted to the server 
101 . Here, it is not absolutely necessary to transmit the log-in name and the 

20 password at the same time and the log-in name and the password may be 
transmitted separately to the server in such a manner that the log-in name is 
first transmitted when it is selected and then the password is transmitted 
when it is entered. 

Figure 9 is a view showing a further preferred embodiment of 

25 the second log-in screen shown in Figure 5. 

As shown in Figure 9, in this embodiment, similarly to in the above 
described embodiments, a log-in screen for accessing the server 101 via the LAN, 
which can be more easily operated than the first log-in screen, is displayed on the 
client computers 102a and 102b. However, in this embodiment, when a log-in 
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name is selected from the list, the log-in name is selected in accordance with an 
auto-complete format. In the auto-complete format, when the first character of a 
log-in name is entered in the text box, a plurality of possible log-in names having 
the same character as the first character are displayed in the form of a list and 
5 when the second character, third character and so on of the log-in name are 
further input, possible log-in names are displayed. 

Specifically, as shown in Figure 9, after the user puts the pointer on 
the text box to which a log-in name is to be entered and puts the screen in text 
input mode, then, when the user enters the first character of a log-in name, 

10 possible log-in names having the same character as the first character are 
displayed in a drop down list 903. When the user puts the pointer on the log-in 
name to be selected from the drop down list 903 and clicks the log-in name, the 
log-in name is selected. On the other hand, since it is not preferable form the 
viewpoint of security for a password to be selected from a list, the password is 

15 directly entered in a text box 904 by the user. This operation is the same as that in 
Figure 5. Thereafter, when the user clicks an "OK" button 905, data regarding the 
log-in~name-and~the-password-areJransm . 

The present invention has thus been shown and described with 
reference to specific embodiments. However, it should be noted that the present 

20 invention is in no way limited to the details of the described arrangements but 
changes and modifications may be made without departing from the scope of the 
appended claims. 

For example, in the above described preferred embodiments, 
although the explanation was made as to the case where the two networks are the 

25 Internet and a LAN, it is not absolutely necessary for the two networks to be the 
Internet and a LAN and both networks may be LANs. In other words, the present 
invention can be applied to a system in which a server is logged in to from client 
computers via any two networks whose security levels are different. 
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Furthermore, in the above described preferred embodiment, although 
it is judged that a connection request was made from a client computer connected 
to the LAN when the IP address is a local IP address and a corresponding log-in 
screen is provided, the present invention can be applied to the case where global 
5 IP addresses are assigned to client computers connected to a LAN. For example, 
even in the case where access to a network is restricted from the outside by a fire 
wall or a proxy server, in other words, in the case where global IP addresses are 
assigned to client computers connected to a LAN, if the IP addresses are 
registered in the above mentioned address list, it is possible to judge the kind of 

10 the network by referring to the address list. 

Moreover, in the above described preferred embodiments, although 
the explanation was made as to the case where an IP address is used as 
identification data, it is not absolutely necessary to use an IP address as 
identification data and a MAC address or other identification data may be used as 

15 identification data of a client computer. Specifically, it is sufficient for identification 
data of a client computer to be identification data by which it can be judged 
-whether-the-client-computerJs_att<^ via a first network or a second 

network, and identification data of a client computer include not only identification 
data on the Internet such as an IP address but also individual data of a client 

20 computer such as a MAC address. Further, identification data used only for 
selecting a log-in screen may be used. 

Further, in the above described preferred embodiment, although the 
explanation was made as to the case where local IP addresses of client computers 
connected to the LAN are individually registered in the address list, it is not 

25 absolutely necessary- to individually register local IP addresses of client computers 
connected to the LAN in an address list and a range of IP addresses of client 
computers connected to a LAN may be registered in an address list as reference 
data. Further, it is possible to automatically produce an address list by causing the 
server to search for IP addresses on the LAN and automatically update an address 
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list by causing the server to regularly search for local IP addresses on the LAN and 
adding local IP addresses thereto or deleting local IP addresses therefrom. 
Furthermore, it is possible for the administrator of a network himself or herself to 
produce and update an address list. 

Moreover, web pages include various web pages which are 
produced using program languages such as HTML, SGML, XML and the like 
and can be browsed using a web browser. 

As described above, according to the present invention, it is 
possible to provide a log-in method for a client server system which enables 
a client computer to log in to a server accessible via the Internet or a LAN 
with high security and operability, a computer program for performing the 
log-in method and a recording medium in which the computer program is 
stored and the like. 
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